AJS South Africa

Comprehensive Risk Management

Insights Into Practice

Have you ever been curious as to what goes on in the minds of other legal practitioners? Have you ever wondered whether you measure up?

It’s only natural, after all it’s human nature to be curious about the world and the people around you – how do they do what they do?

With that in mind, join us as we investigate frequently discussed topics, with the aim of discovering innovative approaches to the practice of a law in an ever-changing and evolving world.

Take this blog’s topic – comprehensive risk management – Do law firms really need it?

Comprehensive Risk Management

As one can imagine, the legal profession is governed, naturally, by a multitude of complex rules and regulations, with the legal professionals themselves being held to high professional and ethical standards. It leaves little wonder that there are a multitude of risks that every law firm needs to contend with in order to avoid costly penalties and reputation damage. From data breaches to conflicts of interest, bribery, and corruption – to name only a few – the risks are diverse and are lurking behind every corner.

If it sounds ominous then we are doing our job.

Law firms, like all businesses around the globe, need to take risk management seriously. And it starts by looking out for some common risks.

What kind of risks should law firms look out for?
  • Client-related risks – it’s not uncommon for clients to file claims against their legal representation for a whole host of reasons. It’s for this reason that it’s important for lawyers to research their clients before committing to representing them. This will help avoid risks such as having a conflict of interest that might not have been clear and obvious at the onset of your relationship with the client. Do your homework.
  • Human error risk – human error risks relate to anything and everything involving being human. It can be related to technology and cyber threats – a vast majority of social engineering and phishing attacks are predicated on tricking employees into downloading or clicking on something in order to infect their networks and systems. There are also many more risks associated with human error and negligence that can lead to compliance issues and serious legal malpractice claims. For example – errors in communication. If a lawyer fails to inform their client about a matter pertinent to their case, or simply not staying in regular contact can lead to a claim if the client believes that there was no explicit reason that warranted the lack of communication. Something as simple as a missed deadline is another human error that represents a real risk to your law firm. Missing hearings or failing to file documents due to poor time management or sloppy planning can also lead to claims if your clients feel that these errors were detrimental to their cases. Forgetfulness (which is actually bad planning) a basic human trait can have terrible consequences.
  • Anti-money laundering risk – knowing who your clients are and where their funds are coming from is critical for law firms to prevent financial crimes and protect the integrity of their services. Law firms are subject to laws and regulations that aim to prevent money laundering activities, such as hiding the origin of illicit funds or financing terrorism. Law firms are required to implement effective policies & procedures, that typically involve conducting ongoing risk assessments, establishing internal controls, and providing staff training. Law firms must also demonstrate client due diligence by identifying and verifying the identity of clients to assess the potential risks of money laundering or other financial crimes. They should have a clear policy that outlines the type and extent of information required from clients, and the procedures for verifying this information. A firm needs to establish exactly who the work is ultimately for, and then consider if there are any risk issues involved with working for them. Potential client due diligence problems could include – a breach of Sanctions caused by taking on the work or the likelihood of any Politically Exposed Persons involved in the case that could give rise to potential reputational risk issues.
  • Attorney-related risk – this category includes a wide array of procedural, planning, and administrative errors, and omissions such as provision of poor or wrong advice, poor or incorrect drafting of documents, delays, procrastination, or missing deadlines, inadequate or incorrect investigation or research or discovery; and more. Some claims may also involve substantial errors like failure to know or apply the law, as well as malicious acts like fraud, dishonesty, or misrepresentation. 
  • Communication risks – errors in communication can easily lead to claims. If a lawyer fails inform their client about a matter pertinent to their case or simply fails to maintain reasonable contact with their client, risk is present. The risk management process for law firms begins with communication, time management, and planning. Communication includes ensuring that deadlines are set appropriately and that all parties involved in the case know about them; that meetings occur at regular intervals; that phone calls or other forms of communication happen regularly to keep the client informed; and finally, risk management should include training staff to be familiar with clients’ cases and not to assume that everyone is on the same page. Time management risk control means ensuring that there is consistency in case formatting, electronic filing protocols, and guidelines for the submission of evidence.
  • Cybersecurity risks – it’s no secret that cyber-attacks are one of the most prominent threats businesses face today, no matter the industry. The most common types of cybercrimes, such as hacking, social engineering, and malware, cost businesses billions of dollars each year worldwide. Considering the fact that law firms tend to store a great deal of sensitive customer information on computers and other data networks, it’s easy to understand why they’re a popular target for cybercriminals. Examples of cyberattacks include malware, spyware, and virus infections; ransomware, phishing, and social engineering attacks; breaches of electronic devices and IT systems; unauthorized access to sensitive business or client information; lost, damaged, or stolen data; loss of access to a company’s’ website, work email, computer network, or other systems; and more.
  • Legislative risks – law firms have an obligation to know the rules, regulations, and legislation that applies to them (in each of the jurisdictions in which they operate) and to ensure that they are being followed (embroker; AON)

    Risk Management Tips for Law Firms

    Whether your law firm is new on the block or has been around since day one, the below tips – as extracted from AON Attorneys Advantage – can help reduce your exposure to some common risks –

    Document everything – keeping detailed records of everything can help lower your risk exposure and, by extension, your vulnerability to malpractice claims. Best practices in this regard include:

      • Drafting thorough engagement letters that identify the client and clearly set out the legal matter at hand and the scope of your services.
      • Regularly informing clients of the status of their matter, even if there have been no new developments.
      • Keeping written records of all communications with clients and any third parties.
      • Recording conversations and meetings where appropriate and legally permitted.
      • Confirming strategy decisions in writing, even if they may seem trivial, and especially if a client instructs you to go down a less-than-optimal route.
      • Drafting disengagement and non-engagement letters.

      Implement cost transparency – being transparent about your fees and pricing structure from the start of the attorney-client relationship can help manage your clients’ expectations. This, in turn, may reduce the risk of delayed payment, non-payment, or financial disputes overall.
      To that end, you should:

        • Have honest and thorough initial consultations with clients that cover your pricing structure, how and when you are going to bill the client, payment methods you accept, and the consequences of late or missed payments. 
        • Take extra care when recording billable hours and consider investing in time-tracking software.
        • Create invoices that are not only accurate, detailed, and comprehensive but also easy to read and understand.
        • Pick your battles carefully when it comes to fee suits. Sometimes when a client owes you money and refuses to pay, they have a valid reason that may have to do with the quality of service you provided. If you then sue them for legal fees, you may risk exposing yourself to a potential malpractice claim.

        Set up advanced cyber protection – while you may not be able to fend off all attacks, the following measures may help reduce your risk:

          • Educate yourself and your team about common cyber risks.
          • Invest in advanced security software and ensure it is always up to date.
          • If your budget allows it, consider hiring a dedicated IT expert.
          • Draw up incident response plans for different contingencies.
          • Back up all your data regularly and ensure you would be able to access it in the event of data loss.
          • Protect all devices, data, and communications using strong passwords, firewalls, and anti-malware/spyware/virus programs.
          • Change passwords often and implement encryption, a password manager, and multi-step authentication.

          Automate your practice management – in other words: invest in legal software. Take AJS as an example. This can help streamline your operations and reduce the risk of human errors. Otherwise, you may increase your exposure to liability and risk falling behind the technology curve.

            Assess potential clients carefully before taking them on – being more selective with whom you choose to work with may prove more beneficial in the long term, from a risk management perspective. If you aren’t sure that your practice has the capacity to provide the level of service a particular matter warrants, it might be best to refer the client to another firm. This may help lower the risk of suboptimal legal outcomes and having disgruntled clients file malpractice claims against your firm. You should also consider doing your due diligence and researching clients before taking them on. Among other things, this could help avoid conflicts of interest that may not have been apparent when the client first walked in your office. This could also help you avoid potentially litigious clients with histories of malpractice claims.

              Be Honest with Clientssetting expectations is a huge part of the legal risk management process. Honest communication with clients is paramount when discussing realistic expectations and possible case outcomes in order to avoid overpromising and underdelivering.

                In order to manage the common risks faced by legal professionals, it’s important that they are able to identify which risk is present in the first place. The first step towards achieving this should be taking a proactive approach and providing training and education to all of a law firm’s employees so that they know what risks are imminent and how to protect themselves against these risks.

                The second step is to invest in legal tech that can help streamline operations, automate repetitive tasks, and limit human errors. And the third is keeping lines of communication open with clients.

                (Sources used and to whom we owe thanks: embroker; AON; iadclaw and Camms Group).

                – Written by Alicia Koch on behalf of AJS

                Leave a Reply

                Your email address will not be published. Required fields are marked *

                This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.